PRIVACY POLICY

Loyal Keeper Group Pty Ltd

ABN: 57 655 997 265

Last Updated: 26 April 2026  |  Version 2.0

Compliant with the Privacy Act 1988 (Cth), Australian Privacy Principles, Privacy and Other Legislation Amendment Act 2024 (Cth), and Information Privacy Act 2009 (Qld)

Loyal Keeper Group Pty Ltd ("we", "us", "our") is committed to protecting your privacy and handling your Personal Information transparently, securely, and in compliance with applicable laws.

This Privacy Policy sets out how we collect, use, disclose, store, and protect your Personal Information in accordance with:

•       Privacy Act 1988 (Cth) and the 13 Australian Privacy Principles (APPs)

•       Privacy and Other Legislation Amendment Act 2024 (Cth) (POLA Act), including amendments in force from 2025 and upcoming obligations effective December 2026

•       Information Privacy Act 2009 (Qld) (IPA) — where applicable to Queensland government-related activities

•       Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act), as expanded from 1 July 2026

•       Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Cth)

 

Further information about the Australian Privacy Principles is available from the Office of the Australian Information Commissioner (OAIC) at https://www.oaic.gov.au/

Information about Queensland privacy obligations is available from the Office of the Information Commissioner Queensland at https://www.oic.qld.gov.au/

This Privacy Policy applies to all individuals whose Personal Information we collect or handle, including:

•       Property buyers and sellers

•       Landlords and property investors

•       Tenants and prospective tenants

•       Employees, contractors, and job applicants

•       Website visitors and enquiry form submitters

•       Any other person who interacts with our business

 

Note: As a real estate business, Loyal Keeper Group Pty Ltd is subject to the Privacy Act 1988 (Cth). From 1 July 2026, real estate professionals are also designated as reporting entities under the expanded AML/CTF regime, which removes any small business exemption that may have previously applied and brings additional obligations regarding identity verification and data handling.

Personal Information means information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information is true or not, and whether it is recorded in a material form or not. This may include:

•       Full name

•       Residential or postal address

•       Email address and phone number

•       Date of birth

•       Identification documents (e.g. driver licence, passport)

•       Financial information, income details, and bank account details

•       Tenancy history and rental references

•       Property ownership and transaction details

•       Employment details

•       Biometric or photographic data (where collected for identity verification purposes)

 

Sensitive Information is a subset of Personal Information and receives a higher level of protection. See Section 10 below.

We collect Personal Information necessary to provide our real estate sales and property management services, including:

•       Buyer and seller contact details and identification

•       Landlord and tenant information and identification documents

•       Financial and employment information for tenancy applications or compliance

•       Property-related information including ownership history and transaction records

•       Communication records (calls, emails, messages)

•       Identity verification information required under AML/CTF obligations (from 1 July 2026)

•       CCTV or photographic records taken at open homes, inspections, or our premises

 

We only collect Personal Information that is reasonably necessary for the purposes described in this Policy. We will not collect information we do not need.

We collect Personal Information in a number of ways, including:

•       Directly from you — in person, by phone, email, or online forms

•       Through our website and landing pages (including enquiry forms and chatbots)

•       Through our CRM and property management systems (e.g. PropertyMe Grow CRM)

•       During open homes, inspections, appraisals, and auctions — including collecting contact details at these events

•       Through automated or AI-assisted systems, including call-handling services

•       From third parties such as solicitors and conveyancers, referring agents, marketing platforms (e.g. realestate.com.au, Domain), government agencies, credit reporting bodies, and regulatory bodies

 

Where we collect your Personal Information in person (for example, at an open home), we will take steps to notify you of the purpose of collection at or before the time of collection, in accordance with APP 5.

Where reasonable and practicable, we will collect Personal Information directly from you rather than from third parties.

We collect and use your Personal Information for purposes including:

•       Providing real estate sales, property management, and related services

•       Facilitating property transactions (buying, selling, and leasing)

•       Communicating with clients, tenants, landlords, buyers, and other parties

•       Processing tenancy applications, agreements, and related documentation

•       Marketing properties and our services to you

•       Complying with legal and regulatory obligations, including AML/CTF identity verification requirements

•       Internal administration, record keeping, and system management

•       Responding to complaints and enquiries

 

We may also use your Personal Information for secondary purposes that are reasonably related to the primary purpose of collection, where you would reasonably expect such use, or where otherwise permitted by law.

At or before the time we collect your Personal Information, or as soon as practicable after, we will take reasonable steps to notify you of:

•       Our identity and contact details

•       The purposes for which we are collecting the information

•       Any third parties to whom we may disclose the information

•       Whether we are likely to disclose information overseas, and if so, the countries involved

•       Your rights to access and correct your Personal Information

•       How to contact us with privacy concerns

 

Collection notices may be provided verbally at open homes, via written forms, or through digital means including our website.

Where lawful and practicable, we will give you the option of not identifying yourself or using a pseudonym when interacting with us. For example, you may make a general enquiry about our services anonymously.

However, for most of our services — particularly tenancy applications, property transactions, and AML/CTF identity verification — we are required by law to verify your identity and anonymity is not possible.

We may use your Personal Information to provide you with information about our services, available properties, and market updates via:

•       Email

•       SMS

•       Phone

 

We will only use your Personal Information for direct marketing if:

•       You have consented to receive marketing communications; or

•       You would reasonably expect to receive such communications, and we provide you with a clear and easy means to opt out

 

You may opt out of receiving marketing communications at any time by clicking "unsubscribe" in any email we send, or by contacting us directly in writing at info@loyalkeeper.com.au.

We will action opt-out requests promptly and at no cost to you. We will not use or disclose your Personal Information for direct marketing after you have opted out.

We may disclose your Personal Information to third parties where it is necessary to deliver our services, comply with legal obligations, or where you have consented. Recipients may include:

•       Buyers, sellers, landlords, and tenants involved in a transaction

•       Solicitors, conveyancers, and legal representatives

•       Tradespeople and contractors (for maintenance or property services)

•       Marketing and advertising platforms (e.g. realestate.com.au, Domain)

•       Technology and software providers (CRM, cloud storage, communication systems)

•       Payment processors and trust accounting systems

•       Credit reporting bodies (where applicable)

•       Government authorities, regulators, courts, or law enforcement where required by law

•       Financial intelligence bodies under AML/CTF obligations (e.g. AUSTRAC)

 

We only disclose Personal Information where it is necessary for the relevant purpose and proportionate to that purpose.

Some of our technology service providers may store or process Personal Information on servers located overseas. The countries where your Personal Information may be held or processed include:

•       United States of America (cloud and software platforms)

•       Ireland / European Union (cloud infrastructure)

•       Singapore (regional cloud infrastructure)

 

Before disclosing your Personal Information to an overseas recipient, we take reasonable steps to ensure the overseas recipient does not breach the APPs in relation to that information, as required by APP 8.

By providing your Personal Information to us, you acknowledge that your information may be transferred to and stored in systems located outside Australia. You consent to such disclosure where permitted by law.

Action Required: Review all technology providers (CRM, cloud storage, communication systems) and confirm the specific countries where data is stored, then update the list above.

Sensitive Information includes health information, biometric data, racial or ethnic origin, political opinions, religious beliefs, criminal records, and other categories defined under the Privacy Act 1988 (Cth).

We will only collect, use, or disclose Sensitive Information:

•       With your express consent; or

•       Where required or authorised by law

 

We do not routinely collect Sensitive Information in the course of our real estate services. If we are required to do so for regulatory compliance purposes (such as AML/CTF identity verification), we will notify you at the time of collection.

From 10 December 2026, the Privacy and Other Legislation Amendment Act 2024 (Cth) requires organisations to disclose in their privacy policy if they use substantially automated processes that make decisions about individuals using their Personal Information.

We are currently reviewing our systems and processes to assess whether any automated decision-making that engages APP 1.7 is conducted. This section will be updated prior to 10 December 2026 to include:

•       The types of decisions made using automated processes

•       The kinds of Personal Information used in those decisions

•       The actions taken by computer programs in the decision-making process

 

Currently, AI-assisted systems are used in our business for purposes including call handling and client communication. These systems are used to support, not replace, human decision-making.

Action Required: Conduct an audit of all AI and automated systems before October 2026 to document any substantially automated decisions that use personal information, and update this section accordingly before 10 December 2026.

From 1 July 2026, real estate professionals are designated reporting entities under the expanded Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) (AML/CTF Act).

As a result, we are required to:

•       Collect and verify the identity of clients involved in property transactions (Know Your Customer / KYC)

•       Retain identity verification records for a minimum of 7 years

•       Report certain transactions and suspicious matters to AUSTRAC

•       Implement an AML/CTF Program

 

Personal Information collected for AML/CTF purposes will be used solely for compliance with the AML/CTF Act and our legal obligations thereunder. This information will not be used for marketing purposes.

Action Required: Ensure your AML/CTF Program is in place prior to 1 July 2026 and that all relevant staff have completed required training.

We take reasonable steps to ensure that the Personal Information we collect, use, and disclose is accurate, up to date, complete, and relevant.

If you believe that information we hold about you is inaccurate, out of date, incomplete, or misleading, please contact our Privacy Officer using the details in Section 20 to request a correction.

We take reasonable technical and organisational measures to protect your Personal Information from misuse, loss, unauthorised access, modification, or disclosure. These measures include:

•       Secure CRM and property management systems with access controls

•       Multi-factor authentication for staff system access

•       Staff training on privacy obligations and data handling procedures

•       Digital record management and audit trails

•       Secure communication and encrypted storage platforms

•       Controlled access policies limiting data access to those who need it

 

While we take all reasonable precautions, no digital system can be guaranteed completely secure. We encourage you to contact us immediately if you suspect any unauthorised use or disclosure of your information.

We retain Personal Information only for as long as necessary to fulfil the purposes for which it was collected, or as required or authorised by law.

Specific retention periods include:

•       Real estate transaction and property management records: minimum 7 years

•       AML/CTF identity verification records (from 1 July 2026): minimum 7 years

•       Employee and contractor records: in accordance with applicable Queensland and Commonwealth employment laws

•       Marketing consent records: until opt-out plus a reasonable period thereafter

 

When Personal Information is no longer required, we take reasonable steps to securely destroy or permanently de-identify it.

You have the right to request access to the Personal Information we hold about you, and to request correction if it is inaccurate, out of date, incomplete, or misleading.

To make an access or correction request:

•       Submit your request in writing to our Privacy Officer (see Section 20)

•       We may require you to verify your identity before actioning your request

•       We will respond to your request within 30 days of receipt

 

We do not charge a fee for making an access request, but may charge a reasonable administrative fee for providing copies of records.

If we decline to provide access or make a correction, we will provide written reasons and advise you of the available complaint mechanisms.

In the event of an eligible data breach — that is, a breach that is likely to result in serious harm to any affected individuals — we will comply with the Notifiable Data Breaches (NDB) scheme under the Privacy Act 1988 (Cth) by:

•       Investigating the breach promptly upon becoming aware of it

•       Taking immediate steps to contain and remediate the breach

•       Notifying affected individuals as soon as practicable

•       Notifying the OAIC within 30 days of becoming aware of the eligible data breach

 

Where the severity of harm cannot be immediately assessed, we will conduct an expedited assessment within 30 days of becoming aware of the potential breach.

If you suspect a data breach involving your Personal Information, please contact our Privacy Officer immediately at info@loyalkeeper.com.au.

Our website may use cookies, pixel tags, and analytics tools to:

•       Improve user experience and website functionality

•       Analyse website traffic and visitor behaviour

•       Support marketing and targeted advertising activities

 

You may disable cookies through your browser settings; however, doing so may affect the functionality of our website. Where our website uses cookies for marketing purposes, we will provide a cookie consent notice.

Our website may collect Personal Information through enquiry forms. That information is handled in accordance with this Privacy Policy.

The Information Privacy Act 2009 (Qld) (IPA) applies to Queensland Government agencies. As a private sector business, we are primarily regulated by the Commonwealth Privacy Act 1988. However:

•       Where we interact with Queensland Government agencies or handle information on their behalf, we will comply with applicable Queensland privacy requirements.

•       Individuals whose information is held by Queensland Government entities should contact the relevant agency directly or the Office of the Information Commissioner Queensland at https://www.oic.qld.gov.au/

 

If you are a Queensland Government employee and have concerns about how a government agency has handled your information, you may contact the Queensland Ombudsman or the Office of the Information Commissioner Queensland.

This Privacy Policy will be reviewed and updated regularly to reflect changes in our business practices, technology, and applicable laws. We are committed to updating this Policy:

•       Before 10 December 2026 to incorporate automated decision-making transparency obligations under APP 1.7

•       Prior to 1 July 2026 to reflect AML/CTF obligations for real estate professionals

•       Whenever our business practices involving Personal Information change materially

 

The latest version of this Policy will always be available on our website and from our Privacy Officer upon request. We encourage you to review this Policy periodically.

If you have any questions, concerns, or complaints about this Privacy Policy or how your Personal Information is handled, please contact:

 

Privacy Officer: Loyal Keeper Group Pty Ltd

Postal Address: PO BOX 3141, Browns Plains QLD 4118

Email: info@loyalkeeper.com.au

Phone: 1300 880 824

 

We will acknowledge your complaint within 5 business days and aim to resolve it within 30 days. We will keep you informed of the progress of our investigation.

If you are not satisfied with our response, you may escalate your complaint to:

 

Office of the Australian Information Commissioner (OAIC):

•       Website: https://www.oaic.gov.au/

•       Phone: 1300 363 992

•       GPO Box 5218, Sydney NSW 2001

 

Office of the Information Commissioner Queensland (OIC Qld):

•       Website: https://www.oic.qld.gov.au/

•       Phone: (07) 3234 7373

 

This Privacy Policy is provided for general information and compliance purposes. While every effort has been made to ensure this Policy is consistent with the Privacy Act 1988 (Cth), the Australian Privacy Principles, the Privacy and Other Legislation Amendment Act 2024 (Cth), and Queensland privacy laws, it does not constitute legal advice.

Loyal Keeper Group Pty Ltd recommends obtaining independent legal advice to confirm the suitability of this Policy for your specific business operations and regulatory circumstances, particularly as further Privacy Act reforms are expected to be implemented progressively through 2026 and beyond.

 

Document Control: This Policy was revised on 26 April 2026 (Version 2.0) by reference to the OAIC compliance sweep guidance, the Privacy and Other Legislation Amendment Act 2024 (Cth), the AML/CTF regime expansion effective 1 July 2026, and upcoming APP 1.7 automated decision-making obligations effective 10 December 2026.